Global Privacy and Cybersecurity Law Updates and Analysis

Article 29 Working Party Announces Launch of Binding Corporate Rules for Processors

Posted on December 21, 2012

On December 21, 2012, the Article 29 Working Party issued a press release announcing the launch of Binding Corporate Rules (“BCRs”) for processors effective January 1, 2013. This announcement follows the Article 29 Working Party’s adoption of a Working Document (WP 195) on June 6, 2012, which set forth requirements for BCRs for processors, and an application form for submitting BCRs for processors issued on September 17, 2012.

The news likely will be welcomed by data processors, particularly those that conduct large-scale, multinational data processing activities on behalf of data controllers in the EU. Once approved, BCRs for processors can be used as a mechanism for transferring personal data outside the EU in compliance with EU data protection rules. With BCRs, there will be no need to negotiate the safeguards and conditions for data processing each time a processor contracts with a data controller.

BCRs for processors also benefit data controllers, as they will enable data controllers to demonstrate to the EU data protection authorities that adequate protection has been put in place and to obtain the necessary authorization for transfers of their personal data to their processors (as well as subprocessors).

The application procedure for approval of BCRs for processors will be identical to the one established for BCRs for data controllers, as it will be based on a process with a lead data protection authority and a system of mutual recognition involving 21 EU data protection authorities.

Hunton & Williams LLP 2015

ATTORNEY ADVERTISING. Case results depend upon a variety of factors unique to each case. Case results do not guarantee or predict a similar result in any future case. Unless otherwise noted, attorneys not certified by the Texas Board of Legal Specialization.

About our Global Privacy & Cybersecurity Practice Group

Hunton & Williams’ Global Privacy and Cybersecurity practice helps companies manage data at every step of the information life cycle. The firm is a leader in its field and for the fourth consecutive year has been ranked by Computerworld magazine in a survey of more than 4,000 corporate privacy leaders as the top law firm globally for privacy and data security. Chambers and Partners also rated Hunton & Williams the top privacy and data security practice in its Chambers Global, Chambers USA and Chambers UK guides.